Privacy Policy
Last updated: 5 June 2026
This Privacy Policy explains how AI Lab (“we”, “us”, “our”) handles information in connection with the Replier app for iOS and macOS (the “App”) and this website. Replier is designed to be privacy-first: the most sensitive information it touches — your App Store Connect API key — never leaves your device, and we do not require you to create an account with us.
The short version. Your App Store Connect key is stored only in your device’s Keychain and is used to talk to Apple directly from your device. When you ask the App to draft a reply with AI, only the review text, your app’s name and your reply guideline are sent to our backend, which passes them to our AI provider to generate the reply. We have no user accounts, run no advertising or tracking, and do not sell your data.
1. Who we are
Replier is operated by AI Lab. For any privacy questions or requests, contact us at support@al-lab.com.au. Where required, AI Lab is the data controller for the limited processing described below.
2. Information involved
Replier deliberately minimises the data it handles. The categories below describe information the App works with — most of it never reaches us:
- App Store Connect API credentials — your Issuer ID, Key ID and the private .p8 key you import. These stay on your device (see section 3).
- Your App Store data — your apps, their customer reviews (rating, title, body, reviewer nickname, territory, dates) and developer responses, retrieved from Apple using your key.
- Reply guideline — the instructions you write to steer the tone and content of AI drafts.
- AI request content — when you generate a reply, the specific review plus your app name and guideline (see section 4).
- Subscription status — whether you hold an active Replier Pro entitlement, determined on-device via Apple’s StoreKit (see section 6).
- App Check attestation — a short-lived token proving the request comes from the genuine App (see section 4).
We do not ask for your name, email or any account with us, and the App contains no third-party advertising or analytics SDKs.
3. Data that stays on your device
The following never leaves your device and is never transmitted to us:
- Your App Store Connect .p8 private key is stored in the device Keychain with this-device-only protection (it is not synced to iCloud). The App uses it locally to mint short-lived signed tokens for Apple’s API.
- Your Issuer ID, Key ID, reply guideline and app settings are stored locally on your device.
- Reviews and responses you fetch are exchanged directly between your device and Apple; they are held in the App for display and are not copied to our servers.
Because this data lives on your device, removing it is as simple as deleting it in the App’s settings or uninstalling the App.
4. Data sent for AI replies
AI reply generation (part of Replier Pro) is the one feature that contacts our backend. When you tap Generate with AI, the App sends the following to a backend function we operate on Google Firebase (Cloud Functions):
- the review you’re replying to — its rating, title, body, reviewer nickname, territory and any existing response;
- your app’s name; and
- your reply guideline.
Our backend attaches no identifier for you and forwards this content to our AI provider, OpenAI, which generates the suggested reply that is returned to your device. Your App Store Connect key is never sent to this backend or to OpenAI.
To prevent abuse of this backend, each request carries a short-lived Firebase App Check token (via Apple’s App Attest) that proves the request comes from a genuine copy of the App. This token attests the app instance, not your identity.
We do not build profiles from review content and do not use it for advertising. Requests may be logged transiently for security, abuse-prevention and debugging (for example, error diagnostics), and such operational logs are kept only as long as needed for those purposes. OpenAI processes the content to return a reply under its own terms; see “Sharing & sub-processors” below.
5. App Store Connect & Apple
Replier communicates with Apple’s App Store Connect API directly from your device to list your apps, read customer reviews, and create, update or delete your developer responses. This communication is between you (using your own key) and Apple, and is governed by your agreements with Apple and by Apple’s privacy policy. We are not a party to that exchange and do not receive a copy of it.
6. Subscriptions & purchases
Replier Pro is an auto-renewable subscription sold through Apple’s App Store using StoreKit. Your purchase, billing and renewal are handled entirely by Apple — we do not receive or store your payment details. The App checks your subscription entitlement on-device through StoreKit to unlock AI features. Apple may provide us aggregate, non-identifying sales and subscription reporting through App Store Connect. Apple’s handling of your purchase is governed by Apple’s privacy policy.
7. Legal bases for processing (EEA/UK)
Where the EU/UK GDPR applies, our limited processing relies on: performance of a contract (providing the AI reply feature you request); and our legitimate interests in keeping the backend secure and preventing abuse (App Check, transient operational logs). Where required, we rely on your consent, which you can withdraw by not using the AI feature.
8. Retention
On-device data (your key, settings, guideline and fetched reviews) is retained on your device until you delete it or uninstall the App. We do not maintain a database of your reviews or replies. Transient operational and security logs associated with AI requests are retained only for as long as necessary for diagnostics and abuse-prevention and are then deleted or de-identified in the ordinary course.
9. Sharing & sub-processors
We do not sell your personal information and do not share it for advertising. We rely on the following service providers to operate the AI feature:
- Google Firebase (Cloud Functions, App Check) — hosts the backend function and verifies request attestation.
- OpenAI — receives the review content and guideline solely to generate the suggested reply, and returns it.
Each provider processes data under its own terms and privacy policy. We may also disclose information if required by law or to protect our rights, users or the security of the service.
10. International transfers
Our service providers may process data on servers located outside your country, including in the United States. Where such transfers involve personal data subject to the GDPR or Australian law, they are made in reliance on the providers’ safeguards (such as Standard Contractual Clauses) and applicable legal mechanisms.
11. Your rights
Depending on where you live, you may have rights to access, correct, delete, or restrict processing of your personal data, to object to processing, and to data portability. Because most data Replier handles is stored only on your device and we hold no user account, you can exercise many of these rights directly by editing or deleting data in the App, or by uninstalling it.
For the limited processing we perform (AI requests and related security logs), you can contact us at support@al-lab.com.au and we will respond as required by applicable law. If you are in the EEA/UK you may lodge a complaint with your local supervisory authority; if you are in Australia you may contact the Office of the Australian Information Commissioner (OAIC). We handle personal information in line with the Australian Privacy Principles.
12. Children
Replier is a tool for app developers and is not directed to children. We do not knowingly collect personal information from children under 16. If you believe a child has provided us information, contact us and we will delete it.
13. Security
We use measures appropriate to the sensitivity of the data: your App Store Connect key is kept in the device Keychain (this-device-only) and never transmitted to us; requests to Apple and to our backend use encrypted HTTPS connections; the AI backend rejects requests that fail App Check verification; and the AI provider’s credentials are held server-side and never shipped in the App. No method of transmission or storage is completely secure, but we work to protect your information.
14. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above, and material changes will be reflected here. Your continued use of the App after an update means you accept the revised policy.
15. Contact us
Questions, requests or concerns about privacy? Email us at support@al-lab.com.au.